Search for packages
| purl | pkg:deb/debian/graphicsmagick@1.3.30%2Bhg15796-1~deb9u4 |
| Next non-vulnerable version | 1.4+really1.3.36+hg16481-2+deb11u1 |
| Latest non-vulnerable version | 1.4+really1.3.36+hg16481-2+deb11u1 |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1fqp-p2k2-fkcb
Aliases: CVE-2019-11006 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. |
Affected by 2 other vulnerabilities. |
|
VCID-2rzs-sh3g-y7cu
Aliases: CVE-2018-20189 |
In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization. |
Affected by 2 other vulnerabilities. |
|
VCID-35av-smac-3ydp
Aliases: CVE-2019-11010 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. |
Affected by 2 other vulnerabilities. |
|
VCID-8677-4f5t-qyfp
Aliases: CVE-2019-11506 |
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c. |
Affected by 2 other vulnerabilities. |
|
VCID-8ah9-4uh7-zqca
Aliases: CVE-2019-19950 |
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. |
Affected by 2 other vulnerabilities. |
|
VCID-8kv1-b3x8-uqff
Aliases: CVE-2020-10938 |
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. |
Affected by 2 other vulnerabilities. |
|
VCID-9z4q-mjxk-fbb4
Aliases: CVE-2019-16709 |
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. |
Affected by 2 other vulnerabilities. |
|
VCID-a4yb-hm77-7bgc
Aliases: CVE-2020-21679 |
Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format. |
Affected by 2 other vulnerabilities. |
|
VCID-b27q-mqxc-u3e3
Aliases: CVE-2019-12921 |
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. |
Affected by 2 other vulnerabilities. |
|
VCID-b577-vsed-9qar
Aliases: CVE-2020-12672 |
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. |
Affected by 0 other vulnerabilities. |
|
VCID-cf5a-phww-muaa
Aliases: CVE-2019-19951 |
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. |
Affected by 2 other vulnerabilities. |
|
VCID-cjxw-4tkx-57fc
Aliases: CVE-2018-18544 |
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. |
Affected by 2 other vulnerabilities. |
|
VCID-dufk-krbw-zyaz
Aliases: CVE-2019-11005 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. |
Affected by 2 other vulnerabilities. |
|
VCID-emsu-ggm4-cfgx
Aliases: CVE-2019-7397 |
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. |
Affected by 2 other vulnerabilities. |
|
VCID-fntn-tj5w-pqbs
Aliases: CVE-2019-19953 |
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. |
Affected by 2 other vulnerabilities. |
|
VCID-gf28-wcd2-1ba2
Aliases: CVE-2019-11473 |
coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. |
Affected by 2 other vulnerabilities. |
|
VCID-h4n2-becy-1bcr
Aliases: CVE-2022-1270 |
In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. |
Affected by 0 other vulnerabilities. |
|
VCID-jk8u-6zza-3bb2
Aliases: CVE-2018-20184 |
In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification. |
Affected by 2 other vulnerabilities. |
|
VCID-nawq-r66d-57cu
Aliases: CVE-2019-11008 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. |
Affected by 2 other vulnerabilities. |
|
VCID-puvv-3zyz-vycf
Aliases: CVE-2019-11474 |
coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. |
Affected by 2 other vulnerabilities. |
|
VCID-qx81-5pqz-5yc4
Aliases: CVE-2019-11505 |
In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c. |
Affected by 2 other vulnerabilities. |
|
VCID-udaf-5ex7-n7hh
Aliases: CVE-2018-20185 |
In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. |
Affected by 2 other vulnerabilities. |
|
VCID-xq3y-ra8t-wket
Aliases: CVE-2019-11009 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. |
Affected by 2 other vulnerabilities. |
|
VCID-yrzc-5zar-a7f4
Aliases: CVE-2019-11007 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-11cz-t3xf-duba |
CVE-2017-11403
|
|
| VCID-2k48-j758-p7cc |
CVE-2017-13777
|
|
| VCID-2s94-4au4-97ar |
CVE-2017-6335
|
|
| VCID-2xxn-6eu8-tqb4 |
CVE-2016-5241
|
|
| VCID-3d8w-4n71-6kfe |
CVE-2017-13066
|
|
| VCID-3hhp-7tgj-uucz |
CVE-2017-10799
|
|
| VCID-3szd-yqpp-z7ex |
CVE-2017-13776
|
|
| VCID-3yt9-gada-4fda |
CVE-2017-13063
|
|
| VCID-4232-wr2w-6yh6 |
CVE-2017-14042
|
|
| VCID-44ws-1fbu-ekcv |
CVE-2016-5118
|
|
| VCID-575b-carw-3khf |
CVE-2016-7448
|
|
| VCID-5kqx-t8q9-mff5 |
CVE-2016-3718
|
|
| VCID-65fz-w5bs-9yar |
CVE-2017-14504
|
|
| VCID-6u48-av3f-vyb3 |
CVE-2016-7449
|
|
| VCID-7vv4-9w88-x3ar |
CVE-2017-11722
|
|
| VCID-8ah9-4uh7-zqca | In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. |
CVE-2019-19950
|
| VCID-8kv1-b3x8-uqff | GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. |
CVE-2020-10938
|
| VCID-8rc2-p5v4-2kc6 |
CVE-2017-14103
|
|
| VCID-8xnj-pzzj-aqeg |
CVE-2017-9098
|
|
| VCID-9636-hma3-2ub6 |
CVE-2017-17501
|
|
| VCID-9bq4-v2z7-mke2 |
CVE-2017-16352
|
|
| VCID-9daj-mnup-zubc |
CVE-2017-16669
|
|
| VCID-avyb-ksuy-y7a5 | The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403. |
CVE-2017-18220
|
| VCID-awa1-uamm-rfak |
CVE-2017-17912
|
|
| VCID-b1zn-941t-aygf |
CVE-2016-3716
|
|
| VCID-b27q-mqxc-u3e3 | In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. |
CVE-2019-12921
|
| VCID-c75p-v1p9-nkcy |
CVE-2017-16353
|
|
| VCID-c97j-9n6e-8qdg | security update |
CVE-2015-8808
|
| VCID-cf5a-phww-muaa | In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. |
CVE-2019-19951
|
| VCID-ckyw-5dwh-33bg |
CVE-2017-17783
|
|
| VCID-d88e-jn8u-qfcj |
CVE-2017-15238
|
|
| VCID-e9mm-eur5-1qg7 |
CVE-2017-17915
|
|
| VCID-epk5-g2b5-7kbh | security update |
CVE-2016-2318
|
| VCID-eprw-kpgk-5fez |
CVE-2017-12935
|
|
| VCID-etpc-jnqs-zfb8 |
CVE-2017-17782
|
|
| VCID-fha7-vanm-h3gn |
CVE-2016-3714
|
|
| VCID-fntn-tj5w-pqbs | In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. |
CVE-2019-19953
|
| VCID-fr9w-2mg6-jfhp |
CVE-2016-7997
|
|
| VCID-fx8k-m7c3-4keg |
CVE-2016-3717
|
|
| VCID-gkn1-7gcp-3ug5 |
CVE-2016-3715
|
|
| VCID-gmeg-47cb-p3an |
CVE-2017-14649
|
|
| VCID-hmt5-ya6n-5qda | In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. |
CVE-2018-9018
|
| VCID-j1rx-4dhq-9yfh | An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file. |
CVE-2017-18230
|
| VCID-jfh9-u9js-u3dp |
CVE-2017-17502
|
|
| VCID-jjb1-163z-yff1 |
CVE-2017-11643
|
|
| VCID-jyue-jpb4-jkdq |
CVE-2017-16545
|
|
| VCID-kb69-t4qh-5bd1 | ImageMagick,GraphicsMagick: Gnuplot delegate vulnerability allowing command injection |
CVE-2016-5239
|
| VCID-kes4-8ng9-23dj |
CVE-2017-11102
|
|
| VCID-knkb-ccyy-d3dt | An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file. |
CVE-2017-18231
|
| VCID-kq8b-q4ru-pbc6 |
CVE-2017-14314
|
|
| VCID-m6ba-exa9-h3dq |
CVE-2017-14997
|
|
| VCID-m9ds-d49x-dkhf |
CVE-2017-16547
|
|
| VCID-ncx1-1ahb-93dr |
CVE-2016-8683
|
|
| VCID-nru8-551q-mqd5 | In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. |
CVE-2018-5685
|
| VCID-nvka-wzu2-6baa |
CVE-2017-13775
|
|
| VCID-nz9v-g2jm-vueu |
CVE-2017-10800
|
|
| VCID-p2pb-7674-zubm |
CVE-2017-15930
|
|
| VCID-p3mj-drck-9bba |
CVE-2017-17913
|
|
| VCID-p6e8-3xbu-vbbf |
CVE-2017-13648
|
|
| VCID-pwcn-1d12-syed |
CVE-2017-11638
|
|
| VCID-q9na-38rd-k3ap |
CVE-2016-7447
|
|
| VCID-qb7s-4ady-zbhb |
CVE-2017-11139
|
|
| VCID-qrh1-qskq-rqaq | An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation. |
CVE-2017-18219
|
| VCID-qsdy-s3u1-7fec |
CVE-2016-2317
|
|
| VCID-rd9u-98hw-cubd |
CVE-2017-14994
|
|
| VCID-rdd7-w36n-xygc |
CVE-2016-9830
|
|
| VCID-rupv-nnef-bkd6 |
CVE-2017-14165
|
|
| VCID-sd7n-dw3a-kyds |
CVE-2017-11140
|
|
| VCID-sgmb-vgj8-hqa4 |
CVE-2017-17503
|
|
| VCID-sgwq-4zfm-77gv |
CVE-2017-11637
|
|
| VCID-shr5-kw12-kbb4 |
CVE-2017-10794
|
|
| VCID-sjmh-4u6k-6bda |
CVE-2016-7446
|
|
| VCID-st3z-wjtb-3fgg | ImageMagick: SVG converting issue resulting in DoS |
CVE-2016-5240
|
| VCID-szm1-wzwg-kfbh |
CVE-2017-13065
|
|
| VCID-t3ku-4ep7-2be8 |
CVE-2017-17500
|
|
| VCID-u2tu-r83d-vfck |
CVE-2017-14733
|
|
| VCID-usk7-drvz-bbbe |
CVE-2016-8682
|
|
| VCID-v792-2tw6-tbgj |
CVE-2017-11641
|
|
| VCID-wbnz-b12d-tbcb | An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. |
CVE-2017-18229
|
| VCID-ws9h-nkcc-9udr |
CVE-2017-13064
|
|
| VCID-wv94-hvju-6udu |
CVE-2017-13134
|
|
| VCID-xaxn-b85s-5ka7 |
CVE-2017-11642
|
|
| VCID-xh9y-xm1d-s7fb |
CVE-2017-13147
|
|
| VCID-xngz-nud6-fqcv | The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. |
CVE-2018-6799
|
| VCID-xybk-saas-47bk |
CVE-2017-12936
|
|
| VCID-y2gk-bddb-byg9 |
CVE-2017-17498
|
|
| VCID-y3vu-ccjt-m7c6 |
CVE-2016-8684
|
|
| VCID-y8ad-j9y4-eygu |
CVE-2017-11636
|
|
| VCID-yae7-8bk6-wbd3 |
CVE-2017-13737
|
|
| VCID-yd84-b41b-b7fn |
CVE-2016-7996
|
|
| VCID-yhn5-5vn3-tqbf |
CVE-2016-7800
|
|
| VCID-z1ae-j5z1-yyeh |
CVE-2017-12937
|
|
| VCID-zwhg-xzgp-tuff |
CVE-2017-15277
|